openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1602-1)

The remote host is missing an update for the Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update

A new image is available for Red Hat Single Sign-On 7.4.10 on OpenJDK, running on OpenShift Container Platform 3.10 and 3.11, and 4.3. Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On fo...

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.4.10 security update

A security update is now available for Red Hat Single Sign-On 7.4 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.5.1 security update

A security update is now available for Red Hat Single Sign-On 7.5 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.3 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.3 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.3 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.3 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

Mageia: Security Advisory (MGASA-2018-0320)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2021-0505)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

golang: net/http: limit growth of header canonicalization cache

There's an uncontrolled resource consumption flaw in golang's net/http library in the canonicalHeader function. An attacker who submits specially crafted requests to applications linked with net/http's http2 functionality could cause excessive resource consumption that could lead to a denial of...

OESA-2022-1499 golang security update

The Go Programming Language. Security Fixes: net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.CVE-2021-44716...

Debian DSA-5034-1 : thunderbird - security update

The remote Debian 10 / 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5034 advisory. Multiple security issues were discovered in Thunderbird, which could result in the execution of arbitrary code, spoofing, information disclosure, downgrade...

AZL-33604 CVE-2021-44716 affecting package kube-vip-cloud-provider for versions less than 0.0.2-16

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-33612 CVE-2021-44716 affecting package local-path-provisioner for versions less than 0.0.21-16

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-33613 CVE-2021-44716 affecting package moby-buildx for versions less than 0.7.1-18

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

AZL-33585 CVE-2021-44716 affecting package git-lfs for versions less than 3.1.4-17

net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests...

Debian DLA-2863-1 : firefox-esr - LTS security update

The remote Debian 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-2863 advisory. Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code, information...

OPENSUSE-SU-2021:1602-1 Security update for nextcloud

This update for nextcloud fixes the following issues: Update to 20.0.14 Security issues fixed: CVE-2021-41179: Fix boo1192028 - CWE-304: Two-Factor Authentication not enforced for pages marked as public CVE-2021-41178: Fix boo1192030 - CWE-434: File Traversal affecting SVG files on Nextcloud Serv...